Note: To manage access control the role must have authorize permission on
the resource for the type of permission. When AUTHORIZE is granted
without specifying FOR permission,
the role can manage all permissions on the object.

resource_name

DataStax Enterprise database objects on which permissions are applied.
Database resources have modelled hierarchy, the permission on a top
level object gives the role the same permission on the objects
ancestors. Identify the resource using the following keywords:

The name of the role that the permission was granted or authorized on.

username

If the role is associated with a legacy user account the user name displays, else
the role name displays.

resource

The resource name in angle brackets.

permission

The name of the permission.

Tip: When ALL PERMISSIONS
is used, each type of permission associated with the resource is granted.

granted

True - Execute commands granted by the permission on the resource. When AUTHORIZE is granted equals true,
the users with the role can grant other permissions that have granted to them on
the resource to other roles.

True - Denies execution of the commands associated with the
permission on the resource even if granted is true. If grantable is true, users
with the role can still AUTHORIZE roles other than their own.

False - Users can execute commands that have granted equal to
true.

grantable

True - Allows grant or revoke of the permission on the resource to another role, other than any of their
own roles.